2019-2020-1 20199308 "Linux kernel principle and Analysis" in the second week of work

"Linux kernel analysis"

The first chapter Computers Work

1.1 stored program computer working model

• Von Neumann architecture
  a variety of computer architectures need to comply with the "objective laws"

  • Structure chart
    

  • The core von Neumann architecture is a stored program computer.

  • Memory to hold instructions and data, the CPU is responsible for interpreting and executing these instructions, which are connected together by a bus.
    Schematic diagram of stored program computer
    

  • For x86-32 computer, the EIP register a point to a memory instruction, the EIP is incremented by one (add instruction).

1.2 x86-32 assembler basis

1.2.1 x86-32 CPU registers

• E register begins, typically 32 bits.

• 

• 32-bit registers EAX, EBX, ECX, and EDX can not only transmit data, temporary data save arithmetic logic operation result, it can also be used as the pointer register.
• Segment register

• Snippet: using the CS: EIP accurately specifies the memory address of the next instruction (i.e., first need to know the code in which a code segment, and then need to know the relative offset of the instruction address in the code segment EIP).
  

• Stack segment: each process has its own stack segment.

• Refers to the beginning of the ribbon R are 64-bit registers.

  1.2.3 common assembly instructions and addressing modes

• The most common is the assembly instructions mov instruction, movb means 8; MOVW means 16; Movl means 32; MOVQ means 64.
• Addressing

• 

• x86-32 Most instructions can directly access memory, but there are some instructions directly to memory operations, such as mov, push / pop and so on.
• Push: the pushl push 32 is represented:

pushl %eax

Is the value of the EAX register stack is pressed onto the stack. Actually two actions:
① the value of the ESP register stack the stack minus 4. ( Because the stack grows downwards, so use subl subtract instructions, that is, a memory cell stack set aside )

subl $4, %esp

② Indirect addressing is to place the value of the EAX register into the ESP register points, then the ESP register points to the memory cell has been set aside out.

movl %eax, (%esp)

• The stack:

popl %eax

Take one memory cell stack from the stack, EAX register into the stack from the position of the stack. Actually two actions:
① the value of EAX register into the top of the stack.

movl (%esp), %eax

The top of the stack with the instruction ② addl plus 4, corresponding to the position of the stack upwardly backoff one memory cell, i.e. stack contraction.

addl $4, %esp

Pushl instruction each execution stack are growing stacks are contracted to execute instructions popl

• The call instruction is a function call, the equivalent of two actions:

push %eip
movl f %eip

• It is a function return instruction ret
• EIP and programmer can not be directly modified, only the dedicated instruction (e.g., call, ret jmp and the like) modified indirectly.

1.2.4 assembly code example parses

The following two fragments are the same as the effect of changes

The following fragment is slightly complex (Book P12)

1.3 compile a simple C language program and analyze their assembly instructions execution

• "Ls" command to view
  

vi main.cCommand to open the VIM editor main.c file

gcc main.cCommands directly compile
echo $?command to check the return value of this program

gcc -S -o main.s main.c -m32Main.c compiled into a command to assembly code
in VIM editor with
g/\.s*/da command to delete all additional information, access to "clean" assembly code

• Analysis of the above-described "clean" assembly code

1 g:
2   pushl   %ebp  //将EBP压栈，将位置4存到位置7；ESP也指向位置7。
3   movl    %esp, %ebp  //将EBP也指向位置7。
4   movl    8(%ebp), %eax  //EBP变址寻址，加8，即指向位置7不动，并把位置5的内容（即立即数8）放入EAX（取出函数g的参数）。
5   addl    $3, %eax  //将立即数3加到EAX中，即8+3，EAX为11。
6   popl    %ebp  //将位置7的内容（即位置4）放回EBP（即恢复函数f的函数调用堆栈基址EBP），即EBP指向位置4；【同时ESP加4，指向位置6】。
7   ret  //(popl%eip)将ESP所指向的内容，即行号15放入EIP，即EIP指向行号15；同时ESP加4，即指向位置5。
8 f:
9   pushl   %ebp  //将EBP向下移动（从EIP的位置3开始），指向位置4。
10  movl    %esp, %ebp  //将ESP也指向EBP的位置4。
11  subl    $4, %esp  //ESP减4，指向位置5。
12  movl    8(%ebp), %eax  //EBP变址寻址8，向上移动两个存储单元即加两个标号的位置，即指向位置2；并将位置2存储的立即数8放到EAX中。
13  movl    %eax, (%esp)  //将EAX放入ESP中，即立即数8放入位置5。
14  call    g  //类似第22行，将ESP指向位置6,；把EIP行号15放到位置6，并指向函数g的位置即第2行。
15  leave  //撤销函数堆栈，等价于=(movl %ebp,%esp和popl %ebp)，即将EBP的内容（位置4）放入ESP，即ESP也指向位置4；【然后把位置4的内容（即位置1）放回EBP，即EBP指向位置1；同时ESP加4，指向位置3。】
16  ret     //将ESP所指向的位置3的内容（即行号23）放到EIP中，即EIP指向行号23,；同时ESP加4，指向位置2。 
17 main:
18  pushl   %ebp  //开始执行第一条指令，EIP自动加1即指向行号19；把EBP的值压栈，先将EBP指向位置1，再将EBP的值标号0。
19  movl    %esp, %ebp  //EIP自动加1即指向行号20；将EBP指向位置1。
20  subl    $4, %esp  //EIP自动加1即指向指向行号21；将ESP减4，即向下移动，指向位置2。
21  movl    $8, (%esp)  //EIP自动加1即指向行号22；把立即数8放入ESP，仍指向位置2（20和21行同作为压栈f函数所需参数）。
22  call    f  //执行此行时，EIP已经自动加1指向了下一行即指向行号23(pushl %eip)，然后将函数f的开始指令放入EIP(movl f %eip)，即EIP指向函数f的位置即第9行。
23  addl    $1, %eax  //将EAX加立即数1，即11+1,EAX的值为12,（EAX是默认存储函数返回值的寄存器）。
24  leave  //撤销函数main堆栈，将EBP和ESP都指回位置1，【同时把位置1存储的内容（即位置0）放到EBP，即EBP指向位置0；并ESP加4，也指向位置0】。
25  ret  //指令结束。

[] Did not quite understand the whole content

• leave instruction order is equivalent to:

movl %ebp,%esp
popl %ebp

• enter instruction is equivalent to:

pushl %ebp
movl %esp, %ebp